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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 ,1 36(a), In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- tf the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• tf NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )(3 Responsive to communication(s) filed on 26 April 2004 . 
2a)l3 This action is FINAL. 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for fomnal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11. 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 33-55 is/are pending in the application. 

4a) Of the above claim(s) Is/are withdrawn from consideration. 

5) \3 Claim(s) is/are allowed. 

6) 13 Claim(s) 44-55 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)\3 accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d), 

11) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action orfomri PTO-152. 

Priority under 35 U.S.C. § 119 

12) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (0- 
a)n All b)n Some * 0)0 None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the Intemational Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Response to Amendment 

1 . This Office Action is responsive to the amendment filed on April 26, 2004, in which 
claims 1-34 were canceled and 35-55 added. 

2. Claims 35-55 have been examined. 

Claim Rejections - 35 USC § 103 



3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 35, 37-42,44-49, 51-55 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent No. 6205437 to Gifford in view of U.S. Patent No. 6327578 to Linehan. 

Referring to claims 35 and 42, Gifford discloses storing a public key associated with a 
public key infrastructure (PKI) key pair in a profile database (see col. 10, lines 37-42), in 
response to receiving an authentication request from a buyer over a network, the authentication 

request including a description of the payment transaction and an identity of a seller (see col. 6, 

\ 

lines 16-32), storing a digitally signed record of the payment transaction in a transaction archive, 
i.e. "transaction database" (see col. 8, lines 16-19) and sending an authentication response to the 
seller over the network (see col. 6, lines 52-61). Gifford does not expressly disclose sending a 
challenge request to the buyer over the network, the challenge request including a message to be 
digitally signed by the buyer using a private key associate with the PKI key pair, or in response 
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to receiving a challenge response from the buyer over the network, the challenge response 
including the digitally singed message, determining whether the buyer has access to the private 
key by using the public key to decrypt the digitally signed message. Linehan discloses sending a 
challenge request to the buyer over the network, the challenge request including a message to be 
digitally signed by the buyer using a private key associate with the PKI key pair, or in response 
to receiving a challenge response from the buyer over the network, the challenge response 
including the digitally singed message, determining whether the buyer has access to the private 
key by using the public key to decrypt the digitally signed message (see col. 4, Unes 10-44 and 
col. 7, lines 21-38). At the time the invention was made, it would have been obvious to a person 
of ordinary skill in the art to modify the method disclose by Gifford to include the steps of 
sending a challenge request to the buyer over the network, the challenge request including a 
message to be digitally signed by the buyer using a private key associate with the PKI key pair 
and in response to receiving a challenge response from the buyer over the network, the challenge 
response including the digitally singed message, determining whether the buyer has access to the 
private key by using the public key to decrypt the digitally signed message. One of ordinary skill 
in the art would have been motivated to do this because it provides security and verification 
means, thereby preventing fraud. 

Referring to claims 37,44 and 51, Gifford discloses the method wherein the record of the 
payment transaction is digitally signed using the private key (see col. 10, lines 43-45). 

Referring to claims 38,45 and 52, Gifford discloses the method wherein the record of the 
online transaction is digitally signed using a local private key (see col 10, hues 48 & 49). 
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Referring to claims 39,46 and 53, Gifford discloses the method wherein the public key is 
stored in the form of a digital certificate representing that the pubUc key is tied to the buyer (see 
col. 7, Unes 44-46). 

Referring to claims 40,47 and 54, Gifford discloses several databases including account 
database storing account information and an address database storing shipping address 
information (see col 8, lines 12-24 and 33-36). Gifford also discloses receiving a selection of 
one of the plurality of payment instruments (i.e. "means of payment") and one of the plurality of 
shipping addresses form the buyer over the network (see col. 5, lines 34-50; col. 8, lines 33-35). 
Gifford does not expressly disclose retrieving a buyer profile from the database, the buyer profile 
including a plurality of payment instruments and a plurahty of shipping address and sending the 
buyer profile to the buyer over the network; however, these are inherent steps. Before selecting 
the method of payment and address information, the buyer must first be provided with his 
profile. 

Referring to claims 41,48 and 55, Gifford discloses processing the payment transaction 
via a payment gateway (i.e. "payment computer"), see col. 6, lines 12-14. 

Referring to claim 49, Gifford discloses a profile database, i.e. account database and 
address database, transaction archive, i.e. settlement database" (see col. 7, lines 66-67 & col. 8, 
lines 1-7) an authentication service web server (i.e. "payment computer") coupled to the profile 
database, the transaction archive and the network, the authentication service web server 
adaptively configured to (see col. 4, lines 46-55) store a pubUc key associated with a public key 
infi-astructure (PKI) key pair in a profile database (see col. 10, hnes 37-42), in response to 
receiving an authentication request from a buyer over a network, the authentication request 
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including a description of the payment transaction and an identity of a seller (see col. 6, lines 16- 
32)5 store a digitally signed record of the payment transaction in a transaction archive, i.e. 
"transaction database" (see col. 8, lines 16-19) and send an authentication response to the seller 
over the network (see col. 6, lines 52-61). Gifford does not expressly disclose the web server 
adaptively configured to send a challenge request to the buyer over the network, the challenge 
request including a message to be digitally signed by the buyer using a private key associate with 
the PKI key pair, or in response to receiving a challenge response fi*om the buyer over the 
network, the challenge response including the digitally singed message, determine whether the 
buyer has access to the private key by using the public key to decrypt the digitally signed 
message. Linehan discloses a web server adaptively configured to send a challenge request to 
the buyer over the network, the challenge request including a message to be digitally signed by 
the buyer using a private key associate with the PKI key pair, or in response to receive a 
challenge response fi'om the buyer over the network, the challenge response including the 
digitally singed message, determine whether the buyer has access to the private key by using the 
public key to decrypt the digitally signed message (see col. 4, hnes 10-44 and col. 7, hnes 21- 
38). At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to modify the system disclose by Gifford to include a web server adaptively 
configured to send a challenge request to the buyer over the network, the challenge request 
including a message to be digitally signed by the buyer using a private key associate with the 
PKI key pair and in response to receive a challenge response fi-om the buyer over the network, 
the challenge response including the digitally singed message, determine whether the buyer has 
access to the private key by using the public key to decrypt the digitally signed message. One of 
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ordinary skill in the art would have been motivated to do this because it provides security and 
verification means, thereby preventing fraud. 

5. Claims 36,43 and 50 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gifford and Linehan as appUed to claims 35, 42 and 49 above, and further in view of US 
Publication NO. 2001/0014158 to Baltzley. 

Gifford discloses PKI key pair (see claims 35 and 42 above). Gifford does not expressly 
disclose creating the PKI key pair, and sending the private key to the buyer over the network. 
Bahzley discloses creating the PKI key pair (see paragraph [0010], and sending the private key 
to the buyer over the network (see paragraph [001 1]). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to modify the method disclose by 
Gifford to include the steps of creating the PKI key pair, and sending the private key to the buyer 
over the network. One of ordinary skill in the art would have been motivated to do this because 
it prevents fraud by providing additional security. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, TfflS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time pohcy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
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the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1. 136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 703-305-0057. The 
examiner can normally be reached on Mondays-Thursdays 8:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on 703-305-9768. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306, 703-746-9443 for 
Non-Official/Draft. 

Information regarding the status of an appUcation may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for pubUshed applications 
may be obtained from either Private PAIR or PubUc PAIR. Status information for unpublished 
apphcations is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EEC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
PC Box 1450 
Alexandria, VA 22313-1450 



Application/Control Number: 09/818,084 
Art Unit: 3621 

Hand delivered responses should be brought to Crystal Park 5, 2451 Crystal Drive, 
Arlington, V.A., Seventh floor receptionist. 
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August 2, 2004 



